SagerNet/sing-tun
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-tun.git synced 2025-04-05 21:07:43 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix windows firewall for system stack

Browse source
This commit is contained in:
世界 2023-05-03 23:03:51 +08:00
parent 209ec123ca
commit 6999634511
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
4 changed files with 88 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

1
stack.go
View file

@ -28,6 +28,7 @@ type StackOptions struct {
Logger logger.Logger Logger logger.Logger
ForwarderBindInterface bool ForwarderBindInterface bool
InterfaceFinder control.InterfaceFinder InterfaceFinder control.InterfaceFinder
ExperimentalFixWindowsFirewall bool
} }
func NewStack( func NewStack(

8
system.go
View file

@ -42,6 +42,7 @@ type System struct {
routeMapping *RouteMapping routeMapping *RouteMapping
bindInterface bool bindInterface bool
interfaceFinder control.InterfaceFinder interfaceFinder control.InterfaceFinder
fixWindowsFirewall bool
} }
type Session struct { type Session struct {
@ -65,6 +66,7 @@ func NewSystem(options StackOptions) (Stack, error) {
inet6Prefixes: options.Inet6Address, inet6Prefixes: options.Inet6Address,
bindInterface: options.ForwarderBindInterface, bindInterface: options.ForwarderBindInterface,
interfaceFinder: options.InterfaceFinder, interfaceFinder: options.InterfaceFinder,
fixWindowsFirewall: options.ExperimentalFixWindowsFirewall,
} }
if stack.router != nil { if stack.router != nil {
stack.routeMapping = NewRouteMapping(options.UDPTimeout) stack.routeMapping = NewRouteMapping(options.UDPTimeout)
@ -97,6 +99,12 @@ func (s *System) Close() error {
} }
func (s *System) Start() error { func (s *System) Start() error {
if s.fixWindowsFirewall {
err := fixWindowsFirewall()
if err != nil {
return E.Cause(err, "fix windows firewall for system stack")
}
}
var listener net.ListenConfig var listener net.ListenConfig
if s.bindInterface { if s.bindInterface {
listener.Control = control.Append(listener.Control, func(network, address string, conn syscall.RawConn) error { listener.Control = control.Append(listener.Control, func(network, address string, conn syscall.RawConn) error {

7
system_nonwindows.go Normal file
View file

@ -0,0 +1,7 @@
//go:build !windows
package tun
func fixWindowsFirewall() error {
return nil
}

47
system_windows.go Normal file
View file

@ -0,0 +1,47 @@
package tun
import (
"os"
"os/exec"
"path/filepath"
E "github.com/sagernet/sing/common/exceptions"
F "github.com/sagernet/sing/common/format"
"github.com/sagernet/sing/common/shell"
)
func fixWindowsFirewall() error {
const shellStringSplit = "\""
isPWSH := true
powershell, err := exec.LookPath("pwsh.exe")
if err != nil {
powershell, err = exec.LookPath("powershell.exe")
isPWSH = false
}
if err != nil {
return nil
}
ruleName := "sing-tun rule for " + os.Args[0]
commandPrefix := []string{"-NoProfile", "-NonInteractive"}
if isPWSH {
commandPrefix = append(commandPrefix, "-Command")
}
err = shell.Exec(powershell, append(commandPrefix,
F.ToString("Get-NetFirewallRule -Name ", shellStringSplit, ruleName, shellStringSplit))...).Run()
if err == nil {
return nil
}
fileName := filepath.Base(os.Args[0])
output, err := shell.Exec(powershell, append(commandPrefix,
F.ToString("New-NetFirewallRule",
" -Name ", shellStringSplit, ruleName, shellStringSplit,
" -DisplayName ", shellStringSplit, "sing-tun (", fileName, ")", shellStringSplit,
" -Program ", shellStringSplit, os.Args[0], shellStringSplit,
" -Direction Inbound",
" -Protocol TCP",
" -Action Allow"))...).Read()
if err != nil {
return E.Extend(err, output)
}
return nil
}